diff --git a/api/proto/teleport/legacy/types/webauthn/webauthn.proto b/api/proto/teleport/legacy/types/webauthn/webauthn.proto
index 8b3f0c4a8dfe0..e96abaca38f3f 100644
--- a/api/proto/teleport/legacy/types/webauthn/webauthn.proto
+++ b/api/proto/teleport/legacy/types/webauthn/webauthn.proto
@@ -41,23 +41,6 @@ option (gogoproto.unmarshaler_all) = true;
 // WebAuthn messages used by server storage.
 // -----------------------------------------------------------------------------
-// SessionData stored by the Relying Party during authentication ceremonies.
-// Mirrors https://pkg.go.dev/github.com/go-webauthn/webauthn/webauthn#SessionData.
-message SessionData {
- // Raw challenge used for the ceremony.
- bytes challenge = 1 [(gogoproto.jsontag) = "challenge,omitempty"];
- // Raw User ID.
- bytes user_id = 2 [(gogoproto.jsontag) = "userId,omitempty"];
- // Raw Credential IDs of the credentials allowed for the ceremony.
- repeated bytes allow_credentials = 3 [(gogoproto.jsontag) = "allowCredentials,omitempty"];
- // True if resident keys were required by the server / Relying Party.
- bool resident_key = 4 [(gogoproto.jsontag) = "residentKey,omitempty"];
- // Requested user verification requirement, either "discouraged" or
- // "required".
- // An empty value is treated equivalently to "discouraged".
- string user_verification = 5 [(gogoproto.jsontag) = "userVerification,omitempty"];
-}
-
 // User represents a WebAuthn user.
 // Used mainly to correlated a WebAuthn user handle with a Teleport user.
 message User {
diff --git a/api/types/webauthn/webauthn.pb.go b/api/types/webauthn/webauthn.pb.go
index 35fdb48a7605a..c7664972f2089 100644
--- a/api/types/webauthn/webauthn.pb.go
+++ b/api/types/webauthn/webauthn.pb.go
@@ -39,94 +39,6 @@ var _ = math.Inf // proto package needs to be updated. const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package -// SessionData stored by the Relying Party during authentication ceremonies. -// Mirrors https://pkg.go.dev/github.com/go-webauthn/webauthn/webauthn#SessionData. -type SessionData struct { - // Raw challenge used for the ceremony. - Challenge []byte `protobuf:"bytes,1,opt,name=challenge,proto3" json:"challenge,omitempty"` - // Raw User ID. - UserId []byte `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"userId,omitempty"` - // Raw Credential IDs of the credentials allowed for the ceremony. - AllowCredentials [][]byte `protobuf:"bytes,3,rep,name=allow_credentials,json=allowCredentials,proto3" json:"allowCredentials,omitempty"` - // True if resident keys were required by the server / Relying Party. - ResidentKey bool `protobuf:"varint,4,opt,name=resident_key,json=residentKey,proto3" json:"residentKey,omitempty"` - // Requested user verification requirement, either "discouraged" or - // "required". - // An empty value is treated equivalently to "discouraged". 
- UserVerification string `protobuf:"bytes,5,opt,name=user_verification,json=userVerification,proto3" json:"userVerification,omitempty"` - XXX_NoUnkeyedLiteral struct{} `json:"-"` - XXX_unrecognized []byte `json:"-"` - XXX_sizecache int32 `json:"-"` -} - -func (m *SessionData) Reset() { *m = SessionData{} } -func (m *SessionData) String() string { return proto.CompactTextString(m) } -func (*SessionData) ProtoMessage() {} -func (*SessionData) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{0} -} -func (m *SessionData) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *SessionData) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_SessionData.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *SessionData) XXX_Merge(src proto.Message) { - xxx_messageInfo_SessionData.Merge(m, src) -} -func (m *SessionData) XXX_Size() int { - return m.Size() -} -func (m *SessionData) XXX_DiscardUnknown() { - xxx_messageInfo_SessionData.DiscardUnknown(m) -} - -var xxx_messageInfo_SessionData proto.InternalMessageInfo - -func (m *SessionData) GetChallenge() []byte { - if m != nil { - return m.Challenge - } - return nil -} - -func (m *SessionData) GetUserId() []byte { - if m != nil { - return m.UserId - } - return nil -} - -func (m *SessionData) GetAllowCredentials() [][]byte { - if m != nil { - return m.AllowCredentials - } - return nil -} - -func (m *SessionData) GetResidentKey() bool { - if m != nil { - return m.ResidentKey - } - return false -} - -func (m *SessionData) GetUserVerification() string { - if m != nil { - return m.UserVerification - } - return "" -} - // User represents a WebAuthn user. // Used mainly to correlated a WebAuthn user handle with a Teleport user. type User struct { 
@@ -141,7 +53,7 @@ func (m *User) Reset() { *m = User{} } func (m *User) String() string { return proto.CompactTextString(m) } func (*User) ProtoMessage() {} func (*User) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{1} + return fileDescriptor_0d490a6db28e8798, []int{0} } func (m *User) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -189,7 +101,7 @@ func (m *CredentialAssertion) Reset() { *m = CredentialAssertion{} } func (m *CredentialAssertion) String() string { return proto.CompactTextString(m) } func (*CredentialAssertion) ProtoMessage() {} func (*CredentialAssertion) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{2} + return fileDescriptor_0d490a6db28e8798, []int{1} } func (m *CredentialAssertion) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -250,7 +162,7 @@ func (m *PublicKeyCredentialRequestOptions) Reset() { *m = PublicKeyCred func (m *PublicKeyCredentialRequestOptions) String() string { return proto.CompactTextString(m) } func (*PublicKeyCredentialRequestOptions) ProtoMessage() {} func (*PublicKeyCredentialRequestOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{3} + return fileDescriptor_0d490a6db28e8798, []int{2} } func (m *PublicKeyCredentialRequestOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -341,7 +253,7 @@ func (m *CredentialAssertionResponse) Reset() { *m = CredentialAssertion func (m *CredentialAssertionResponse) String() string { return proto.CompactTextString(m) } func (*CredentialAssertionResponse) ProtoMessage() {} func (*CredentialAssertionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{4} + return fileDescriptor_0d490a6db28e8798, []int{3} } func (m *CredentialAssertionResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -421,7 +333,7 @@ func (m *AuthenticatorAssertionResponse) Reset() { *m = AuthenticatorAss func (m *AuthenticatorAssertionResponse) String() string { return proto.CompactTextString(m) } func (*AuthenticatorAssertionResponse) ProtoMessage() {} func (*AuthenticatorAssertionResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{5} + return fileDescriptor_0d490a6db28e8798, []int{4} } func (m *AuthenticatorAssertionResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -490,7 +402,7 @@ func (m *CredentialCreation) Reset() { *m = CredentialCreation{} } func (m *CredentialCreation) String() string { return proto.CompactTextString(m) } func (*CredentialCreation) ProtoMessage() {} func (*CredentialCreation) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{6} + return fileDescriptor_0d490a6db28e8798, []int{5} } func (m *CredentialCreation) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -561,7 +473,7 @@ func (m *PublicKeyCredentialCreationOptions) Reset() { *m = PublicKeyCre func (m *PublicKeyCredentialCreationOptions) String() string { return proto.CompactTextString(m) } func (*PublicKeyCredentialCreationOptions) ProtoMessage() {} func (*PublicKeyCredentialCreationOptions) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{7} + return fileDescriptor_0d490a6db28e8798, []int{6} } func (m *PublicKeyCredentialCreationOptions) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -673,7 +585,7 @@ func (m *CredentialCreationResponse) Reset() { *m = CredentialCreationRe func (m *CredentialCreationResponse) String() string { return proto.CompactTextString(m) } func (*CredentialCreationResponse) ProtoMessage() {} func (*CredentialCreationResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{8} + return fileDescriptor_0d490a6db28e8798, []int{7} } func (m *CredentialCreationResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -749,7 +661,7 @@ func (m *AuthenticatorAttestationResponse) Reset() { *m = AuthenticatorA func (m *AuthenticatorAttestationResponse) String() string { return proto.CompactTextString(m) } func (*AuthenticatorAttestationResponse) ProtoMessage() {} func (*AuthenticatorAttestationResponse) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{9} + return fileDescriptor_0d490a6db28e8798, []int{8} } func (m *AuthenticatorAttestationResponse) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -809,7 +721,7 @@ func (m *AuthenticationExtensionsClientInputs) Reset() { *m = Authentica func (m *AuthenticationExtensionsClientInputs) String() string { return proto.CompactTextString(m) } func (*AuthenticationExtensionsClientInputs) ProtoMessage() {} func (*AuthenticationExtensionsClientInputs) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{10} + return fileDescriptor_0d490a6db28e8798, []int{9} } func (m *AuthenticationExtensionsClientInputs) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -862,7 +774,7 @@ func (m *AuthenticationExtensionsClientOutputs) Reset() { *m = Authentic func (m *AuthenticationExtensionsClientOutputs) String() string { return proto.CompactTextString(m) } func (*AuthenticationExtensionsClientOutputs) ProtoMessage() {} func (*AuthenticationExtensionsClientOutputs) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{11} + return fileDescriptor_0d490a6db28e8798, []int{10} } func (m *AuthenticationExtensionsClientOutputs) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -918,7 +830,7 @@ func (m *AuthenticatorSelection) Reset() { *m = AuthenticatorSelection{} func (m *AuthenticatorSelection) String() string { return proto.CompactTextString(m) } func (*AuthenticatorSelection) ProtoMessage() {} func (*AuthenticatorSelection) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{12} + return fileDescriptor_0d490a6db28e8798, []int{11} } func (m *AuthenticatorSelection) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -984,7 +896,7 @@ func (m *CredentialDescriptor) Reset() { *m = CredentialDescriptor{} } func (m *CredentialDescriptor) String() string { return proto.CompactTextString(m) } func (*CredentialDescriptor) ProtoMessage() {} func (*CredentialDescriptor) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{13} + return fileDescriptor_0d490a6db28e8798, []int{12} } func (m *CredentialDescriptor) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1046,7 +958,7 @@ func (m *CredentialParameter) Reset() { *m = CredentialParameter{} } func (m *CredentialParameter) String() string { return proto.CompactTextString(m) } func (*CredentialParameter) ProtoMessage() {} func (*CredentialParameter) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{14} + return fileDescriptor_0d490a6db28e8798, []int{13} } func (m *CredentialParameter) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) 
@@ -1104,7 +1016,7 @@ func (m *RelyingPartyEntity) Reset() { *m = RelyingPartyEntity{} } func (m *RelyingPartyEntity) String() string { return proto.CompactTextString(m) } func (*RelyingPartyEntity) ProtoMessage() {} func (*RelyingPartyEntity) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{15} + return fileDescriptor_0d490a6db28e8798, []int{14} } func (m *RelyingPartyEntity) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1169,7 +1081,7 @@ func (m *UserEntity) Reset() { *m = UserEntity{} } func (m *UserEntity) String() string { return proto.CompactTextString(m) } func (*UserEntity) ProtoMessage() {} func (*UserEntity) Descriptor() ([]byte, []int) { - return fileDescriptor_0d490a6db28e8798, []int{16} + return fileDescriptor_0d490a6db28e8798, []int{15} } func (m *UserEntity) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -1220,7 +1132,6 @@ func (m *UserEntity) GetDisplayName() string { } func init() { - proto.RegisterType((*SessionData)(nil), "webauthn.SessionData") proto.RegisterType((*User)(nil), "webauthn.User") proto.RegisterType((*CredentialAssertion)(nil), "webauthn.CredentialAssertion") proto.RegisterType((*PublicKeyCredentialRequestOptions)(nil), "webauthn.PublicKeyCredentialRequestOptions") 
@@ -1244,142 +1155,68 @@ func init() { } var fileDescriptor_0d490a6db28e8798 = []byte{ - // 1073 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x5b, 0x6f, 0x1b, 0x45, - 0x14, 0xd6, 0xda, 0xeb, 0xd4, 0x3e, 0x36, 0x95, 0x3b, 0x71, 0x5b, 0x53, 0x5a, 0xc7, 0x5d, 0x40, - 0xb2, 0xc8, 0xc5, 0x28, 0x88, 0x07, 0x28, 0x17, 0xe5, 0x52, 0x44, 0x12, 0xb5, 0x89, 0xb6, 0x02, - 0x09, 0x5e, 0x56, 0xe3, 0xdd, 0x83, 0x3d, 0x65, 0xbd, 0xbb, 0x9d, 0x99, 0x6d, 0x6a, 0xf1, 0x93, - 0x78, 0xe3, 0x89, 0x37, 0x5e, 0x91, 0x78, 0xe1, 0x17, 0x84, 0x2a, 0x8f, 0xf9, 0x15, 0x68, 0x67, - 0xaf, 0xb6, 0x37, 0x4d, 0x00, 0x89, 0xb7, 0xd9, 0x73, 0xce, 0x77, 0x66, 0xe6, 0x7c, 0xe7, 0x3b, - 0x3b, 0xb0, 0x29, 0xd1, 0xc5, 0xc0, 0xe7, 0x72, 0xe8, 0xe2, 0x98, 0xda, 0xb3, 0xa1, 0x9c, 0x05, - 0x28, 0x86, 0xa7, 0x38, 0xa2, 0xa1, 0x9c, 0x78, 0xd9, 0x62, 0x2b, 0xe0, 0xbe, 0xf4, 0x49, 0x3d, - 0xfd, 0xbe, 0xd7, 0x19, 0xfb, 0x63, 0x5f, 0x19, 0x87, 0xd1, 0x2a, 0xf6, 0x1b, 0x7f, 0x54, 0xa0, - 0xf9, 0x0c, 0x85, 0x60, 0xbe, 0xb7, 0x4f, 0x25, 0x25, 0x1f, 0x43, 0xc3, 0x9e, 0x50, 0xd7, 0x45, - 0x6f, 0x8c, 0x5d, 0xad, 0xaf, 0x0d, 0x5a, 0xbb, 0x77, 0x2f, 0xce, 0xd6, 0x56, 0x33, 0xe3, 0x86, - 0x3f, 0x65, 0x12, 0xa7, 0x81, 0x9c, 0x99, 0x79, 0x24, 0xd9, 0x84, 0x1b, 0xa1, 0x40, 0x6e, 0x31, - 0xa7, 0x5b, 0x51, 0xa0, 0xce, 0xc5, 0xd9, 0x5a, 0x3b, 0x32, 0x1d, 0x38, 0x05, 0xc4, 0x4a, 0x6c, - 0x21, 0x47, 0x70, 0x8b, 0xba, 0xae, 0x7f, 0x6a, 0xd9, 0x1c, 0x1d, 0xf4, 0x24, 0xa3, 0xae, 0xe8, - 0x56, 0xfb, 0xd5, 0x41, 0x6b, 0xb7, 0x77, 0x71, 0xb6, 0x76, 0x4f, 0x39, 0xf7, 0x72, 0x5f, 0x21, - 0x45, 0x7b, 0xd1, 0x47, 0x3e, 0x83, 0x16, 0x47, 0xc1, 0xa2, 0x6f, 0xeb, 0x47, 0x9c, 0x75, 0xf5, - 0xbe, 0x36, 0xa8, 0xef, 0xbe, 0x7d, 0x71, 0xb6, 0x76, 0x3b, 0xb5, 0x1f, 0xe1, 0xac, 0x90, 0xa2, - 0x59, 0x30, 0x47, 0x47, 0x51, 0x27, 0x7f, 0x89, 0x9c, 0xfd, 0xc0, 0x6c, 0x2a, 0x99, 0xef, 0x75, - 0x6b, 0x7d, 0x6d, 0xd0, 0x88, 0x8f, 0x12, 0x39, 0xbf, 0x2d, 0xf8, 0x8a, 0x47, 0x59, 0xf4, 0x19, - 
0xeb, 0xa0, 0x7f, 0x23, 0x90, 0x93, 0x77, 0xe1, 0xad, 0x94, 0x26, 0x2b, 0x0a, 0x52, 0x95, 0x6c, - 0x98, 0xad, 0xd4, 0x18, 0x05, 0x19, 0x14, 0x56, 0xf3, 0x6b, 0xec, 0x08, 0x81, 0x3c, 0xca, 0x41, - 0x0e, 0x01, 0x82, 0x70, 0xe4, 0x32, 0x5b, 0x5d, 0x26, 0x02, 0x36, 0xb7, 0xd7, 0xb7, 0x32, 0x5a, - 0x4f, 0x94, 0xef, 0x08, 0x67, 0x39, 0xd6, 0xc4, 0x17, 0x21, 0x0a, 0x79, 0x1c, 0x44, 0x78, 0x61, - 0x36, 0x82, 0x34, 0xc4, 0xf8, 0xad, 0x02, 0x0f, 0xaf, 0x04, 0x90, 0xfb, 0x4b, 0x9c, 0x17, 0xa9, - 0x7d, 0x00, 0x20, 0xd9, 0x14, 0xfd, 0x50, 0x5a, 0x53, 0xa1, 0xd8, 0xad, 0x9a, 0x8d, 0xc4, 0xf2, - 0x44, 0x90, 0x55, 0xa8, 0xf1, 0x20, 0xe2, 0xbd, 0xaa, 0xae, 0xa8, 0xf3, 0xe0, 0x32, 0x7e, 0xf5, - 0x7e, 0x75, 0xd0, 0xdc, 0xee, 0xe5, 0x57, 0xc9, 0x0f, 0xb4, 0x8f, 0xc2, 0xe6, 0x2c, 0x90, 0x3e, - 0x2f, 0xe1, 0xf7, 0x29, 0x00, 0xbe, 0x92, 0xe8, 0x45, 0x3d, 0x2a, 0x14, 0x35, 0xcd, 0xed, 0xad, - 0x3c, 0xcb, 0x4e, 0x28, 0x27, 0x51, 0x68, 0x4c, 0xc1, 0xe3, 0x2c, 0x72, 0xcf, 0x65, 0xe8, 0xc9, - 0x03, 0x2f, 0x08, 0xa5, 0x30, 0x0b, 0x19, 0xc8, 0x7a, 0x19, 0xe3, 0x2b, 0xea, 0xf4, 0xcb, 0x8c, - 0xfe, 0xa5, 0xc1, 0x3b, 0x25, 0x2c, 0x99, 0x28, 0x02, 0xdf, 0x13, 0x48, 0x08, 0xe8, 0x91, 0x00, - 0x13, 0x82, 0xd5, 0x9a, 0xdc, 0x86, 0x15, 0x4e, 0x4f, 0x33, 0x2d, 0x98, 0x35, 0x4e, 0x4f, 0x0f, - 0x1c, 0xb2, 0x0f, 0x75, 0x9e, 0xc0, 0x54, 0xb1, 0x9a, 0xdb, 0x83, 0xd2, 0x5b, 0xf8, 0x7c, 0x69, - 0x1b, 0x33, 0x43, 0x92, 0xe3, 0xb9, 0x6a, 0xe8, 0x2a, 0xcf, 0xf0, 0xba, 0xd5, 0x38, 0x0e, 0xe5, - 0x62, 0x39, 0x8c, 0x5f, 0x35, 0xe8, 0xbd, 0x79, 0x77, 0x32, 0x80, 0xb6, 0xad, 0xf0, 0x96, 0x43, - 0x25, 0xb5, 0x9e, 0x0b, 0xdf, 0x4b, 0xfa, 0xe4, 0x66, 0x6c, 0x8f, 0x46, 0xc7, 0xa1, 0xf0, 0x3d, - 0xb2, 0x09, 0x84, 0x16, 0x73, 0x29, 0x40, 0x52, 0x86, 0x5b, 0x73, 0x1e, 0x35, 0x6d, 0xee, 0x43, - 0x43, 0xb0, 0xb1, 0x47, 0x65, 0xc8, 0xe3, 0x9a, 0xb4, 0xcc, 0xdc, 0x40, 0xd6, 0xa0, 0xa9, 0x88, - 0x9a, 0x50, 0xcf, 0x71, 0x51, 0xdd, 0xb5, 0x65, 0x42, 0x64, 0xfa, 0x5a, 0x59, 0x0c, 0x0a, 0x24, - 0xe7, 0x66, 0x8f, 0xa3, 0xba, 0x33, 
0x39, 0x2a, 0x11, 0xd0, 0xc6, 0x1b, 0x05, 0x94, 0x42, 0x4b, - 0x14, 0xf4, 0xb3, 0x0e, 0xc6, 0xd5, 0x88, 0x2b, 0x24, 0xb4, 0x01, 0x15, 0x1e, 0xa8, 0x2a, 0x34, - 0xb7, 0xef, 0xe7, 0x27, 0x31, 0xd1, 0x9d, 0x31, 0x6f, 0x7c, 0x42, 0xb9, 0x9c, 0x3d, 0xf6, 0x24, - 0x93, 0x33, 0xb3, 0xc2, 0x03, 0x32, 0x00, 0x5d, 0xcd, 0x8c, 0xb8, 0x47, 0x3a, 0x79, 0x7c, 0x34, - 0x35, 0x92, 0x38, 0x15, 0x41, 0x4c, 0xb8, 0x9d, 0x0b, 0xcc, 0x0a, 0x28, 0xa7, 0x53, 0x94, 0xc8, - 0x53, 0xa9, 0x3d, 0x28, 0x93, 0xda, 0x49, 0x1a, 0x65, 0x76, 0xec, 0x65, 0xa3, 0x58, 0x90, 0x7b, - 0x6d, 0x51, 0xee, 0xc7, 0xb0, 0x8a, 0xaf, 0x6c, 0x37, 0x74, 0x70, 0x4e, 0xdb, 0x2b, 0xd7, 0xd2, - 0x36, 0x49, 0xa0, 0x45, 0x75, 0xf7, 0xa1, 0x49, 0xa5, 0x44, 0x21, 0x63, 0x1d, 0xde, 0x50, 0x3a, - 0x2a, 0x9a, 0x16, 0xf4, 0x5f, 0xff, 0xcf, 0xfa, 0xff, 0x0e, 0xee, 0xce, 0xf7, 0xa8, 0x40, 0x17, - 0x6d, 0xb5, 0x7b, 0x43, 0x25, 0xef, 0x5f, 0x22, 0xcb, 0x67, 0x69, 0x9c, 0x79, 0x87, 0x96, 0xda, - 0x8d, 0xd7, 0x1a, 0xdc, 0x5b, 0x6e, 0x92, 0x7f, 0x33, 0x2c, 0xbe, 0x5a, 0x1a, 0x16, 0x1f, 0x5c, - 0x36, 0x2c, 0xf2, 0x52, 0xfd, 0x1f, 0xe3, 0xe2, 0x27, 0xe8, 0x5f, 0xb5, 0xfd, 0x3f, 0x9c, 0x17, - 0x79, 0x02, 0xcb, 0x1f, 0x3d, 0x47, 0x5b, 0x66, 0xf3, 0x22, 0xf7, 0x1c, 0x2b, 0x87, 0xf1, 0x39, - 0xbc, 0x77, 0x1d, 0xba, 0xa3, 0xa2, 0xd2, 0x40, 0xfd, 0x95, 0xe2, 0x52, 0xd7, 0x68, 0x10, 0x1c, - 0x38, 0xc6, 0x17, 0xf0, 0xfe, 0xb5, 0x2e, 0xbc, 0x80, 0xaf, 0xa7, 0xf8, 0x5f, 0x34, 0xb8, 0x53, - 0xde, 0x11, 0xe4, 0x13, 0xe8, 0xce, 0x37, 0x15, 0x95, 0x92, 0xda, 0x93, 0x29, 0x7a, 0x32, 0x39, - 0xc3, 0x7c, 0xd3, 0xed, 0x64, 0x6e, 0xf2, 0x21, 0x74, 0x38, 0xbe, 0x08, 0x19, 0x47, 0x6b, 0xee, - 0x1d, 0x53, 0x51, 0x5b, 0x93, 0xc4, 0x67, 0x16, 0xde, 0x2c, 0xa5, 0x7f, 0xb0, 0xea, 0x25, 0x7f, - 0xb0, 0x4f, 0xa1, 0x53, 0x26, 0xc6, 0xd2, 0x66, 0xbc, 0x09, 0x95, 0xac, 0x11, 0x2b, 0xcc, 0x31, - 0x1e, 0x15, 0x9f, 0x28, 0xd9, 0x90, 0x28, 0x85, 0xb6, 0xa1, 0x4a, 0xdd, 0xb1, 0xc2, 0xd6, 0xcc, - 0x68, 0x69, 0xec, 0x03, 0x59, 0x9e, 0x70, 0xc9, 0x16, 0x31, 0xb2, 0xc2, 
0x9c, 0x28, 0x97, 0x47, - 0xa7, 0xa8, 0x80, 0x0d, 0x53, 0xad, 0x0f, 0xf5, 0x7a, 0xb5, 0xad, 0x9b, 0x3a, 0xb3, 0x7d, 0xcf, - 0xb0, 0x00, 0xf2, 0xb9, 0x57, 0x40, 0xb7, 0x2e, 0x43, 0x93, 0x87, 0xd0, 0x72, 0x98, 0x08, 0x5c, - 0x3a, 0xb3, 0x94, 0x2f, 0x2e, 0x4c, 0x33, 0xb1, 0x3d, 0x8d, 0x37, 0xd0, 0xdb, 0xb5, 0x78, 0x83, - 0xdd, 0x27, 0xbf, 0x9f, 0xf7, 0xb4, 0x3f, 0xcf, 0x7b, 0xda, 0xeb, 0xf3, 0x9e, 0xf6, 0xfd, 0x97, - 0x63, 0x26, 0x27, 0xe1, 0x68, 0xcb, 0xf6, 0xa7, 0xc3, 0x31, 0xa7, 0x2f, 0x59, 0xdc, 0x7f, 0xd4, - 0x1d, 0x66, 0xef, 0x6e, 0x1a, 0xb0, 0x85, 0x47, 0xf7, 0xa3, 0x74, 0x11, 0x8c, 0x46, 0x2b, 0xea, - 0x5d, 0xfd, 0xd1, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x89, 0xb7, 0x8c, 0x49, 0xa8, 0x0b, 0x00, - 0x00, -} - -func (m *SessionData) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *SessionData) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *SessionData) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if m.XXX_unrecognized != nil { - i -= len(m.XXX_unrecognized) - copy(dAtA[i:], m.XXX_unrecognized) - } - if len(m.UserVerification) > 0 { - i -= len(m.UserVerification) - copy(dAtA[i:], m.UserVerification) - i = encodeVarintWebauthn(dAtA, i, uint64(len(m.UserVerification))) - i-- - dAtA[i] = 0x2a - } - if m.ResidentKey { - i-- - if m.ResidentKey { - dAtA[i] = 1 - } else { - dAtA[i] = 0 - } - i-- - dAtA[i] = 0x20 - } - if len(m.AllowCredentials) > 0 { - for iNdEx := len(m.AllowCredentials) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.AllowCredentials[iNdEx]) - copy(dAtA[i:], m.AllowCredentials[iNdEx]) - i = encodeVarintWebauthn(dAtA, i, uint64(len(m.AllowCredentials[iNdEx]))) - i-- - dAtA[i] = 0x1a - } - } - if len(m.UserId) > 0 { - i -= len(m.UserId) - copy(dAtA[i:], m.UserId) - i = 
encodeVarintWebauthn(dAtA, i, uint64(len(m.UserId))) - i-- - dAtA[i] = 0x12 - } - if len(m.Challenge) > 0 { - i -= len(m.Challenge) - copy(dAtA[i:], m.Challenge) - i = encodeVarintWebauthn(dAtA, i, uint64(len(m.Challenge))) - i-- - dAtA[i] = 0xa - } - return len(dAtA) - i, nil + // 962 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x5d, 0x6f, 0x1b, 0x45, + 0x17, 0xd6, 0xda, 0xeb, 0xbc, 0xf1, 0xb1, 0xdf, 0xca, 0x99, 0xb8, 0xc5, 0x2a, 0xad, 0x71, 0x17, + 0x90, 0x2c, 0xd2, 0xc6, 0x28, 0x5c, 0x41, 0x05, 0x28, 0x24, 0x45, 0x24, 0x51, 0xeb, 0x68, 0x10, + 0x48, 0x70, 0xb3, 0x1a, 0xef, 0x1e, 0xec, 0x29, 0xeb, 0xdd, 0xe9, 0xcc, 0x6c, 0x53, 0x8b, 0x9f, + 0xc4, 0x1d, 0x57, 0xdc, 0x71, 0xcb, 0x25, 0xff, 0x80, 0x2a, 0xbf, 0x04, 0xed, 0xec, 0x97, 0x3f, + 0x36, 0x4d, 0x00, 0x89, 0xbb, 0xd9, 0x73, 0xce, 0x73, 0xce, 0xcc, 0x33, 0xe7, 0x39, 0x3b, 0xf0, + 0x48, 0x63, 0x80, 0x22, 0x92, 0x7a, 0x14, 0xe0, 0x94, 0x79, 0x8b, 0x91, 0x5e, 0x08, 0x54, 0xa3, + 0x0b, 0x9c, 0xb0, 0x58, 0xcf, 0xc2, 0x62, 0xb1, 0x2f, 0x64, 0xa4, 0x23, 0xb2, 0x9d, 0x7f, 0xdf, + 0xed, 0x4e, 0xa3, 0x69, 0x64, 0x8c, 0xa3, 0x64, 0x95, 0xfa, 0x9d, 0x3d, 0xb0, 0xbf, 0x51, 0x28, + 0xc9, 0xbb, 0xf0, 0xff, 0x3c, 0xb1, 0x1b, 0x2b, 0x94, 0x3d, 0x6b, 0x60, 0x0d, 0x9b, 0xb4, 0x9d, + 0x1b, 0x93, 0x20, 0x87, 0xc1, 0xee, 0x91, 0x44, 0x1f, 0x43, 0xcd, 0x59, 0x70, 0xa8, 0x14, 0x4a, + 0xcd, 0xa3, 0x90, 0x9c, 0x02, 0x88, 0x78, 0x12, 0x70, 0xcf, 0xfd, 0x11, 0x17, 0x06, 0xd8, 0x3a, + 0xd8, 0xdb, 0x2f, 0x36, 0x72, 0x6e, 0x7c, 0x67, 0xb8, 0x28, 0xb1, 0x14, 0x5f, 0xc4, 0xa8, 0xf4, + 0x58, 0x24, 0x78, 0x45, 0x9b, 0x22, 0x0f, 0x71, 0x7e, 0xab, 0xc1, 0x83, 0x6b, 0x01, 0xe4, 0x1e, + 0x34, 0xbd, 0x19, 0x0b, 0x02, 0x0c, 0xa7, 0x68, 0x0a, 0xb6, 0x69, 0x69, 0x20, 0xf7, 0x01, 0x34, + 0x9f, 0x63, 0x14, 0x6b, 0x77, 0xae, 0x7a, 0xb5, 0x81, 0x35, 0xac, 0xd3, 0x66, 0x66, 0x79, 0xaa, + 0xc8, 0x2e, 0x34, 0xa4, 0x70, 0xb9, 0xdf, 0xab, 0x9b, 0x23, 0xda, 0x52, 0x9c, 0xf8, 0xe4, 0x0c, + 0x76, 
0x58, 0x10, 0x44, 0x17, 0xae, 0x57, 0xd4, 0x54, 0x3d, 0x7b, 0x50, 0x1f, 0xb6, 0x0e, 0xfa, + 0xe5, 0x51, 0xca, 0x0d, 0x1d, 0xa3, 0xf2, 0x24, 0x17, 0x3a, 0x92, 0xb4, 0x63, 0x80, 0xa5, 0x4b, + 0x91, 0x67, 0x00, 0xf8, 0x4a, 0x63, 0xa8, 0x92, 0xcd, 0xf6, 0x1a, 0x86, 0x90, 0xfd, 0x32, 0xcb, + 0x61, 0xac, 0x67, 0x49, 0xa8, 0xc7, 0x92, 0xd3, 0x3c, 0x29, 0x22, 0x8f, 0x02, 0x8e, 0xa1, 0x3e, + 0x09, 0x45, 0xac, 0x15, 0x5d, 0xca, 0x40, 0xf6, 0x60, 0x27, 0xb9, 0x13, 0xf7, 0x25, 0x4a, 0xfe, + 0x43, 0x06, 0xeb, 0x6d, 0x99, 0xdd, 0x77, 0x12, 0xc7, 0xb7, 0x4b, 0x76, 0xe7, 0x4f, 0x0b, 0xde, + 0xae, 0xb8, 0x25, 0x8a, 0x4a, 0x44, 0xa1, 0x42, 0x42, 0xc0, 0x4e, 0x5a, 0x26, 0xbb, 0x60, 0xb3, + 0x26, 0xb7, 0x61, 0x4b, 0xb2, 0x8b, 0x84, 0x93, 0x9a, 0x21, 0xb3, 0x21, 0xd9, 0xc5, 0x89, 0x4f, + 0x8e, 0x61, 0x5b, 0x66, 0x30, 0x43, 0x56, 0xeb, 0x60, 0x58, 0x79, 0x8a, 0x48, 0x6e, 0x94, 0xa1, + 0x05, 0x92, 0x8c, 0x57, 0xd8, 0xb0, 0x4d, 0x9e, 0xd1, 0x4d, 0xd9, 0x18, 0xc7, 0x7a, 0x9d, 0x0e, + 0xe7, 0x57, 0x0b, 0xfa, 0x6f, 0xae, 0x4e, 0x86, 0xd0, 0xf1, 0x0c, 0xde, 0xf5, 0x99, 0x66, 0xee, + 0x73, 0x15, 0x85, 0x59, 0x9f, 0xdc, 0x4a, 0xed, 0xc7, 0x4c, 0xb3, 0x53, 0x15, 0x85, 0xe4, 0x11, + 0x10, 0xb6, 0x9c, 0xcb, 0x00, 0x32, 0x1a, 0x76, 0x56, 0x3c, 0x09, 0x24, 0xe9, 0x3c, 0xc5, 0xa7, + 0x21, 0xd3, 0xb1, 0x4c, 0x39, 0x69, 0xd3, 0xd2, 0x40, 0xde, 0x81, 0x96, 0xb9, 0xa8, 0x19, 0x0b, + 0xfd, 0x00, 0xcd, 0x59, 0xdb, 0x14, 0x12, 0xd3, 0x57, 0xc6, 0xe2, 0x30, 0x20, 0xe5, 0xdd, 0x1c, + 0x49, 0x34, 0x67, 0x26, 0x67, 0x15, 0x02, 0x7a, 0xf8, 0x46, 0x01, 0xe5, 0xd0, 0x0a, 0x05, 0xfd, + 0x6c, 0x83, 0x73, 0x3d, 0xe2, 0x1a, 0x09, 0x3d, 0x84, 0x9a, 0x14, 0x86, 0x85, 0xd6, 0xc1, 0xbd, + 0x72, 0x27, 0x14, 0x83, 0x05, 0x0f, 0xa7, 0xe7, 0x4c, 0xea, 0xc5, 0x93, 0x50, 0x73, 0xbd, 0xa0, + 0x35, 0x29, 0xc8, 0x10, 0x6c, 0x33, 0x33, 0xd2, 0x1e, 0xe9, 0x96, 0xf1, 0xc9, 0xd4, 0xc8, 0xe2, + 0x4c, 0x04, 0xa1, 0x70, 0xbb, 0x14, 0x98, 0x2b, 0x98, 0x64, 0x73, 0xd4, 0x28, 0x73, 0xa9, 0xdd, + 0xaf, 0x92, 0xda, 0x79, 0x1e, 0x45, 0xbb, 
0xde, 0xa6, 0x51, 0xad, 0xc9, 0xbd, 0xb1, 0x2e, 0xf7, + 0x31, 0xec, 0xe2, 0x2b, 0x2f, 0x88, 0x7d, 0x5c, 0xd1, 0xf6, 0xd6, 0x8d, 0xb4, 0x4d, 0x32, 0xe8, + 0xb2, 0xba, 0x07, 0xd0, 0x62, 0x5a, 0xa3, 0xd2, 0xa9, 0x0e, 0xff, 0x67, 0x74, 0xb4, 0x6c, 0x5a, + 0xd3, 0xff, 0xf6, 0xbf, 0xd6, 0xff, 0x77, 0xf0, 0xd6, 0x6a, 0x8f, 0x2a, 0x0c, 0xd0, 0x33, 0xd5, + 0x9b, 0x26, 0xf9, 0xe0, 0x0a, 0x59, 0x7e, 0x9d, 0xc7, 0xd1, 0x3b, 0xac, 0xd2, 0xee, 0xbc, 0xb6, + 0xe0, 0xee, 0x66, 0x93, 0xfc, 0x93, 0x61, 0xf1, 0xe5, 0xc6, 0xb0, 0xf8, 0xe0, 0xaa, 0x61, 0x51, + 0x52, 0xf5, 0x5f, 0x8c, 0x8b, 0x9f, 0x60, 0x70, 0x5d, 0xf9, 0xbf, 0x39, 0x2f, 0xca, 0x04, 0x6e, + 0x34, 0x79, 0x8e, 0x9e, 0x2e, 0xe6, 0x45, 0xe9, 0x19, 0x1b, 0x87, 0xf3, 0x29, 0xbc, 0x77, 0x93, + 0xeb, 0x4e, 0x48, 0x65, 0xc2, 0xfc, 0x95, 0x52, 0xaa, 0x1b, 0x4c, 0x88, 0x13, 0xdf, 0xf9, 0x0c, + 0xde, 0xbf, 0xd1, 0x81, 0xd7, 0xf0, 0xdb, 0x39, 0xfe, 0x17, 0x0b, 0xee, 0x54, 0x77, 0x04, 0xf9, + 0x18, 0x7a, 0xab, 0x4d, 0xc5, 0xb4, 0x66, 0xde, 0x6c, 0x8e, 0xa1, 0xce, 0xf6, 0xb0, 0xda, 0x74, + 0x87, 0x85, 0x9b, 0x7c, 0x08, 0x5d, 0x89, 0x2f, 0x62, 0x2e, 0xd1, 0x95, 0xa8, 0x78, 0xd2, 0x3c, + 0x66, 0x72, 0xd5, 0x4c, 0x69, 0x92, 0xf9, 0x68, 0xe6, 0x3a, 0xc3, 0x45, 0xf5, 0x1f, 0xac, 0x7e, + 0xc5, 0x1f, 0xec, 0x13, 0xe8, 0x56, 0x89, 0xb1, 0xb2, 0x19, 0x6f, 0x41, 0xad, 0x68, 0xc4, 0x1a, + 0xf7, 0x9d, 0xc7, 0xcb, 0x4f, 0x94, 0x62, 0x48, 0x54, 0x42, 0x3b, 0x50, 0x67, 0xc1, 0xd4, 0x60, + 0x1b, 0x34, 0x59, 0x3a, 0xc7, 0x40, 0x36, 0x27, 0x5c, 0x56, 0x22, 0x45, 0xd6, 0xb8, 0x9f, 0xe4, + 0x0a, 0xd9, 0x1c, 0x0d, 0xb0, 0x49, 0xcd, 0xfa, 0xd4, 0xde, 0xae, 0x77, 0x6c, 0x6a, 0x73, 0x2f, + 0x0a, 0x1d, 0x17, 0xa0, 0x9c, 0x7b, 0x4b, 0xe8, 0xf6, 0x55, 0x68, 0xf2, 0x00, 0xda, 0x3e, 0x57, + 0x22, 0x60, 0x0b, 0xd7, 0xf8, 0x52, 0x62, 0x5a, 0x99, 0xed, 0x59, 0x5a, 0xc0, 0xee, 0x34, 0xd2, + 0x02, 0x5f, 0x3c, 0xfd, 0xfd, 0xb2, 0x6f, 0xfd, 0x71, 0xd9, 0xb7, 0x5e, 0x5f, 0xf6, 0xad, 0xef, + 0x3f, 0x9f, 0x72, 0x3d, 0x8b, 0x27, 0xfb, 0x5e, 0x34, 0x1f, 0x4d, 0x25, 0x7b, 
0xc9, 0xd3, 0xfe, + 0x63, 0xc1, 0xa8, 0x78, 0x29, 0x32, 0xc1, 0xd7, 0x9e, 0x89, 0x8f, 0xf3, 0x85, 0x98, 0x4c, 0xb6, + 0xcc, 0x4b, 0xf0, 0xa3, 0xbf, 0x02, 0x00, 0x00, 0xff, 0xff, 0xbb, 0x5b, 0x9d, 0x27, 0x5a, 0x0a, + 0x00, 0x00, } func (m *User) Marshal() (dAtA []byte, err error) { @@ -2223,39 +2060,6 @@ func encodeVarintWebauthn(dAtA []byte, offset int, v uint64) int { dAtA[offset] = uint8(v) return base } -func (m *SessionData) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Challenge) - if l > 0 { - n += 1 + l + sovWebauthn(uint64(l)) - } - l = len(m.UserId) - if l > 0 { - n += 1 + l + sovWebauthn(uint64(l)) - } - if len(m.AllowCredentials) > 0 { - for _, b := range m.AllowCredentials { - l = len(b) - n += 1 + l + sovWebauthn(uint64(l)) - } - } - if m.ResidentKey { - n += 2 - } - l = len(m.UserVerification) - if l > 0 { - n += 1 + l + sovWebauthn(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - func (m *User) Size() (n int) { if m == nil { return 0 
@@ -2639,209 +2443,6 @@ func sovWebauthn(x uint64) (n int) { func sozWebauthn(x uint64) (n int) { return sovWebauthn(uint64((x << 1) ^ uint64((int64(x) >> 63)))) } -func (m *SessionData) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowWebauthn - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: SessionData: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: SessionData: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Challenge", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowWebauthn - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthWebauthn - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthWebauthn - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.Challenge = append(m.Challenge[:0], dAtA[iNdEx:postIndex]...) 
- if m.Challenge == nil { - m.Challenge = []byte{} - } - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field UserId", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowWebauthn - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthWebauthn - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthWebauthn - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.UserId = append(m.UserId[:0], dAtA[iNdEx:postIndex]...) - if m.UserId == nil { - m.UserId = []byte{} - } - iNdEx = postIndex - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field AllowCredentials", wireType) - } - var byteLen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowWebauthn - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - byteLen |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - if byteLen < 0 { - return ErrInvalidLengthWebauthn - } - postIndex := iNdEx + byteLen - if postIndex < 0 { - return ErrInvalidLengthWebauthn - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.AllowCredentials = append(m.AllowCredentials, make([]byte, postIndex-iNdEx)) - copy(m.AllowCredentials[len(m.AllowCredentials)-1], dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ResidentKey", wireType) - } - var v int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowWebauthn - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - v |= int(b&0x7F) << shift - if b < 0x80 { - break - } - } - m.ResidentKey = bool(v != 0) - case 5: - if wireType != 2 { - return fmt.Errorf("proto: wrong 
wireType = %d for field UserVerification", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowWebauthn - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthWebauthn - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthWebauthn - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.UserVerification = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipWebauthn(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthWebauthn - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func (m *User) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/lib/auth/webauthn/login.go b/lib/auth/webauthn/login.go index cfd659278a542..ae4e71cbb5c5d 100644 --- a/lib/auth/webauthn/login.go +++ b/lib/auth/webauthn/login.go @@ -33,7 +33,6 @@ import ( log "github.com/sirupsen/logrus" "github.com/gravitational/teleport/api/types" - wanpb "github.com/gravitational/teleport/api/types/webauthn" wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes" ) 
@@ -53,8 +52,8 @@ type loginIdentity interface { // * Passwordless uses global variants // (services.Identity.Update/Get/DeleteGlobalWebauthnSessionData methods). type sessionIdentity interface { - Upsert(ctx context.Context, user string, sd *wanpb.SessionData) error - Get(ctx context.Context, user string, challenge string) (*wanpb.SessionData, error) + Upsert(ctx context.Context, user string, sd *wantypes.SessionData) error + Get(ctx context.Context, user string, challenge string) (*wantypes.SessionData, error) Delete(ctx context.Context, user string, challenge string) error } @@ -163,11 +162,13 @@ func (f *loginFlow) begin(ctx context.Context, user string, passwordless bool) ( } // Store SessionData - it's checked against the user response by Finish. - sessionDataPB, err := sessionToPB(sessionData) + sd, err := wantypes.SessionDataFromProtocol(sessionData) if err != nil { return nil, trace.Wrap(err) } - if err := f.sessionData.Upsert(ctx, user, sessionDataPB); err != nil { + // TODO(Joerger): set challenge extensions from caller + + if err := f.sessionData.Upsert(ctx, user, sd); err != nil { return nil, trace.Wrap(err) } @@ -254,11 +255,11 @@ func (f *loginFlow) finish(ctx context.Context, user string, resp *wantypes.Cred // Fetch the previously-stored SessionData, so it's checked against the user // response. challenge := parsedResp.Response.CollectedClientData.Challenge - sessionDataPB, err := f.sessionData.Get(ctx, user, challenge) + sd, err := f.sessionData.Get(ctx, user, challenge) if err != nil { return nil, "", trace.Wrap(err) } - sessionData := sessionFromPB(sessionDataPB) + sessionData := wantypes.SessionDataToProtocol(sd) // Make sure _all_ credentials in the session are accounted for by the user. // webauthn.ValidateLogin requires it. diff --git a/lib/auth/webauthn/login_mfa.go b/lib/auth/webauthn/login_mfa.go index 0d8b100ca6029..8b083e4a0c706 100644 --- a/lib/auth/webauthn/login_mfa.go +++ b/lib/auth/webauthn/login_mfa.go 
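Review bot: The `sd` that `begin` upserts never gets `ChallengeExtensions` set; the new TODO is the only trace of it. The `finish` hunk (-254) converts the stored value back with `wantypes.SessionDataToProtocol(sd)`, and the converters added in lib/auth/webauthntypes/webauthn.go do not read or write that field either. So every stored login session currently carries a nil extension set and, as far as these hunks show, nothing at finish can depend on it. The comment should say so, for example `// TODO(Joerger): set sd.ChallengeExtensions from caller; until then it is always nil in storage and not consulted by finish.` The blank line left after the TODO also detaches it from the `Upsert` call it describes. Both functions continue outside their hunks.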
@@ -25,7 +25,6 @@ import ( "github.com/gravitational/trace" "github.com/gravitational/teleport/api/types" - wanpb "github.com/gravitational/teleport/api/types/webauthn" wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes" ) @@ -44,8 +43,8 @@ type LoginIdentity interface { GetMFADevices(ctx context.Context, user string, withSecrets bool) ([]*types.MFADevice, error) UpsertMFADevice(ctx context.Context, user string, d *types.MFADevice) error - UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wanpb.SessionData) error - GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wanpb.SessionData, error) + UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error + GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error) DeleteWebauthnSessionData(ctx context.Context, user, sessionID string) error } @@ -130,11 +129,11 @@ func (m mfaIdentity) GetTeleportUserByWebauthnID(_ context.Context, _ []byte) (s // userSessionStorage implements sessionIdentity using LoginFlow. type userSessionStorage LoginFlow -func (s *userSessionStorage) Upsert(ctx context.Context, user string, sd *wanpb.SessionData) error { +func (s *userSessionStorage) Upsert(ctx context.Context, user string, sd *wantypes.SessionData) error { return s.Identity.UpsertWebauthnSessionData(ctx, user, scopeLogin, sd) } -func (s *userSessionStorage) Get(ctx context.Context, user string, _ string) (*wanpb.SessionData, error) { +func (s *userSessionStorage) Get(ctx context.Context, user string, _ string) (*wantypes.SessionData, error) { return s.Identity.GetWebauthnSessionData(ctx, user, scopeLogin) } diff --git a/lib/auth/webauthn/login_passwordless.go b/lib/auth/webauthn/login_passwordless.go index 932df3b2c107b..0c28d0d5a463c 100644 --- a/lib/auth/webauthn/login_passwordless.go +++ b/lib/auth/webauthn/login_passwordless.go 
@@ -24,7 +24,6 @@ import ( "errors" "github.com/gravitational/teleport/api/types" - wanpb "github.com/gravitational/teleport/api/types/webauthn" wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes" ) @@ -34,8 +33,8 @@ type PasswordlessIdentity interface { GetMFADevices(ctx context.Context, user string, withSecrets bool) ([]*types.MFADevice, error) UpsertMFADevice(ctx context.Context, user string, d *types.MFADevice) error - UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wanpb.SessionData) error - GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wanpb.SessionData, error) + UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wantypes.SessionData) error + GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wantypes.SessionData, error) DeleteGlobalWebauthnSessionData(ctx context.Context, scope, id string) error GetTeleportUserByWebauthnID(ctx context.Context, webID []byte) (string, error) } @@ -84,12 +83,12 @@ func (p passwordlessIdentity) GetWebauthnLocalAuth(ctx context.Context, user str type globalSessionStorage PasswordlessFlow -func (g *globalSessionStorage) Upsert(ctx context.Context, user string, sd *wanpb.SessionData) error { +func (g *globalSessionStorage) Upsert(ctx context.Context, user string, sd *wantypes.SessionData) error { id := base64.RawURLEncoding.EncodeToString(sd.Challenge) return g.Identity.UpsertGlobalWebauthnSessionData(ctx, scopeLogin, id, sd) } -func (g *globalSessionStorage) Get(ctx context.Context, user string, challenge string) (*wanpb.SessionData, error) { +func (g *globalSessionStorage) Get(ctx context.Context, user string, challenge string) (*wantypes.SessionData, error) { return g.Identity.GetGlobalWebauthnSessionData(ctx, scopeLogin, challenge) } diff --git a/lib/auth/webauthn/login_test.go b/lib/auth/webauthn/login_test.go index 2b472c81a9ac1..7c3c0aefd827e 100644 --- a/lib/auth/webauthn/login_test.go 
+++ b/lib/auth/webauthn/login_test.go @@ -26,14 +26,12 @@ import ( "time" "github.com/go-webauthn/webauthn/protocol" - "github.com/gogo/protobuf/proto" "github.com/google/go-cmp/cmp" "github.com/gravitational/trace" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/gravitational/teleport/api/types" - wanpb "github.com/gravitational/teleport/api/types/webauthn" "github.com/gravitational/teleport/lib/auth/mocku2f" wanlib "github.com/gravitational/teleport/lib/auth/webauthn" wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes" @@ -130,7 +128,7 @@ func TestLoginFlow_BeginFinish(t *testing.T) { // Did we record the SessionData in storage? require.Len(t, identity.SessionData, 1) // Did we record the web ID in the SessionData? - var sd *wanpb.SessionData + var sd *wantypes.SessionData for _, v := range identity.SessionData { sd = v // Retrieve without guessing the key break @@ -412,20 +410,19 @@ func TestPasswordlessFlow_BeginAndFinish(t *testing.T) { // Verify that we recorded user verification requirements in storage. require.Len(t, identity.SessionData, 1) - var sd *wanpb.SessionData + var sd *wantypes.SessionData for _, v := range identity.SessionData { sd = v // Get SessionData without guessing the key. break } - wantSD := &wanpb.SessionData{ + wantSD := &wantypes.SessionData{ Challenge: sd.Challenge, - UserId: nil, // aka unset - AllowCredentials: nil, // aka unset - ResidentKey: false, // irrelevant for login + UserId: nil, // aka unset + AllowCredentials: [][]uint8{}, // aka unset + ResidentKey: false, // irrelevant for login UserVerification: string(protocol.VerificationRequired), } - if !proto.Equal(sd, wantSD) { - diff := cmp.Diff(wantSD, sd) + if diff := cmp.Diff(wantSD, sd); diff != "" { t.Fatalf("SessionData mismatch (-want +got):\n%s", diff) } 
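Review bot: In the -412 hunk the expected `AllowCredentials: [][]uint8{}` still carries the comment `// aka unset`, but it is now an empty non-nil slice. `cmp.Diff` tells nil and empty apart, which the replaced `proto.Equal` presumably did not. The test therefore pins an incidental detail of how the slice is filled before storage. Either say so in place, `AllowCredentials: [][]uint8{}, // empty, not nil: cmp.Diff distinguishes the two`, or keep `nil` and compare with `cmp.Diff(wantSD, sd, cmpopts.EquateEmpty())`, which needs a `cmpopts` import not shown in this hunk. The test function starts and ends outside the hunk.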
@@ -630,7 +627,7 @@ type fakeIdentity struct { // It's automatically assigned when UpsertWebauthnLocalAuth is called. MappedUser string UpdatedDevices []*types.MFADevice - SessionData map[string]*wanpb.SessionData + SessionData map[string]*wantypes.SessionData } func newFakeIdentity(user string, devices ...*types.MFADevice) *fakeIdentity { @@ -645,7 +642,7 @@ func newFakeIdentity(user string, devices ...*types.MFADevice) *fakeIdentity { }, }, }, - SessionData: make(map[string]*wanpb.SessionData), + SessionData: make(map[string]*wantypes.SessionData), } } @@ -690,12 +687,12 @@ func (f *fakeIdentity) GetTeleportUserByWebauthnID(ctx context.Context, webID [] return f.MappedUser, nil } -func (f *fakeIdentity) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wanpb.SessionData) error { +func (f *fakeIdentity) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error { f.SessionData[sessionDataKey(user, sessionID)] = sd return nil } -func (f *fakeIdentity) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wanpb.SessionData, error) { +func (f *fakeIdentity) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error) { sd, ok := f.SessionData[sessionDataKey(user, sessionID)] if !ok { return nil, trace.NotFound("not found") 
@@ -712,12 +709,12 @@ func sessionDataKey(user string, sessionID string) string { return fmt.Sprintf("user/%v/%v", user, sessionID) } -func (f *fakeIdentity) UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wanpb.SessionData) error { +func (f *fakeIdentity) UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wantypes.SessionData) error { f.SessionData[globalSessionDataKey(scope, id)] = sd return nil } -func (f *fakeIdentity) GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wanpb.SessionData, error) { +func (f *fakeIdentity) GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wantypes.SessionData, error) { sd, ok := f.SessionData[globalSessionDataKey(scope, id)] if !ok { return nil, trace.NotFound("not found") diff --git a/lib/auth/webauthn/register.go b/lib/auth/webauthn/register.go index 99a96ea1ced8b..253bd8dbd553d 100644 --- a/lib/auth/webauthn/register.go +++ b/lib/auth/webauthn/register.go @@ -34,7 +34,6 @@ import ( log "github.com/sirupsen/logrus" "github.com/gravitational/teleport/api/types" - wanpb "github.com/gravitational/teleport/api/types/webauthn" wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes" ) @@ -47,8 +46,8 @@ type RegistrationIdentity interface { GetMFADevices(ctx context.Context, user string, withSecrets bool) ([]*types.MFADevice, error) UpsertMFADevice(ctx context.Context, user string, d *types.MFADevice) error - UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wanpb.SessionData) error - GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wanpb.SessionData, error) + UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error + GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error) DeleteWebauthnSessionData(ctx context.Context, user, sessionID string) error } 
@@ -57,7 +56,7 @@ type RegistrationIdentity interface { func WithInMemorySessionData(identity RegistrationIdentity) RegistrationIdentity { return &inMemoryIdentity{ RegistrationIdentity: identity, - sessionData: make(map[string]*wanpb.SessionData), + sessionData: make(map[string]*wantypes.SessionData), } } @@ -68,17 +67,17 @@ type inMemoryIdentity struct { // We don't foresee concurrent use for inMemoryIdentity, but it's easy enough // to play it safe. mu sync.RWMutex - sessionData map[string]*wanpb.SessionData + sessionData map[string]*wantypes.SessionData } -func (identity *inMemoryIdentity) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wanpb.SessionData) error { +func (identity *inMemoryIdentity) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error { identity.mu.Lock() defer identity.mu.Unlock() identity.sessionData[sessionDataKey(user, sessionID)] = sd return nil } -func (identity *inMemoryIdentity) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wanpb.SessionData, error) { +func (identity *inMemoryIdentity) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error) { identity.mu.RLock() defer identity.mu.RUnlock() sd, ok := identity.sessionData[sessionDataKey(user, sessionID)] @@ -189,11 +188,11 @@ func (f *RegistrationFlow) Begin(ctx context.Context, user string, passwordless // TODO(codingllama): Send U2F App ID back in creation requests too. Useful to // detect duplicate devices. - sessionDataPB, err := sessionToPB(sessionData) + sd, err := wantypes.SessionDataFromProtocol(sessionData) if err != nil { return nil, trace.Wrap(err) } - if err := f.Identity.UpsertWebauthnSessionData(ctx, user, scopeSession, sessionDataPB); err != nil { + if err := f.Identity.UpsertWebauthnSessionData(ctx, user, scopeSession, sd); err != nil { return nil, trace.Wrap(err) } 
@@ -280,11 +279,11 @@ func (f *RegistrationFlow) Finish(ctx context.Context, req RegisterResponse) (*t } u := newWebUser(req.User, wla.UserID, true /* credentialIDOnly */, nil /* devices */) - sessionDataPB, err := f.Identity.GetWebauthnSessionData(ctx, req.User, scopeSession) + sd, err := f.Identity.GetWebauthnSessionData(ctx, req.User, scopeSession) if err != nil { return nil, trace.Wrap(err) } - sessionData := sessionFromPB(sessionDataPB) + sessionData := wantypes.SessionDataToProtocol(sd) // Activate passwordless switches (resident key, user verification) if we // required verification in the begin step. diff --git a/lib/auth/webauthn/session.go b/lib/auth/webauthn/session.go index 58c8c65c5ed45..0ccabbe271c4c 100644 --- a/lib/auth/webauthn/session.go +++ b/lib/auth/webauthn/session.go @@ -18,16 +18,6 @@ package webauthn -import ( - "encoding/base64" - - "github.com/go-webauthn/webauthn/protocol" - wan "github.com/go-webauthn/webauthn/webauthn" - "github.com/gravitational/trace" - - wanpb "github.com/gravitational/teleport/api/types/webauthn" -) - // scopeLogin identifies session data stored for login. // It is used as the scope for global session data and as the sessionID for // per-user session data. 
@@ -38,27 +28,3 @@ const scopeLogin = "login" // Only one in-flight registration is supported per-user, baring registrations // that use in-memory storage. const scopeSession = "registration" - -func sessionToPB(sd *wan.SessionData) (*wanpb.SessionData, error) { - rawChallenge, err := base64.RawURLEncoding.DecodeString(sd.Challenge) - if err != nil { - return nil, trace.Wrap(err) - } - // TODO(codingllama): Record extensions in stored session data. - return &wanpb.SessionData{ - Challenge: rawChallenge, - UserId: sd.UserID, - AllowCredentials: sd.AllowedCredentialIDs, - UserVerification: string(sd.UserVerification), - }, nil -} - -func sessionFromPB(sd *wanpb.SessionData) *wan.SessionData { - // TODO(codingllama): Record extensions in stored session data. - return &wan.SessionData{ - Challenge: base64.RawURLEncoding.EncodeToString(sd.Challenge), - UserID: sd.UserId, - AllowedCredentialIDs: sd.AllowCredentials, - UserVerification: protocol.UserVerificationRequirement(sd.UserVerification), - } -} diff --git a/lib/auth/webauthncli/u2f_login_test.go b/lib/auth/webauthncli/u2f_login_test.go index 187a8278cddce..cabd5d8895782 100644 --- a/lib/auth/webauthncli/u2f_login_test.go +++ b/lib/auth/webauthncli/u2f_login_test.go @@ -37,7 +37,6 @@ import ( "github.com/stretchr/testify/require" "github.com/gravitational/teleport/api/types" - wanpb "github.com/gravitational/teleport/api/types/webauthn" "github.com/gravitational/teleport/lib/auth/mocku2f" wanlib "github.com/gravitational/teleport/lib/auth/webauthn" wancli "github.com/gravitational/teleport/lib/auth/webauthncli" @@ -426,7 +425,7 @@ type fakeIdentity struct { User string Devices []*types.MFADevice LocalAuth *types.WebauthnLocalAuth - SessionData *wanpb.SessionData + SessionData *wantypes.SessionData } func (f *fakeIdentity) UpsertWebauthnLocalAuth(ctx context.Context, user string, wla *types.WebauthnLocalAuth) error { 
@@ -457,12 +456,12 @@ func (f *fakeIdentity) UpsertMFADevice(ctx context.Context, user string, d *type return nil } -func (f *fakeIdentity) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wanpb.SessionData) error { +func (f *fakeIdentity) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error { f.SessionData = sd return nil } -func (f *fakeIdentity) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wanpb.SessionData, error) { +func (f *fakeIdentity) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error) { return f.SessionData, nil } diff --git a/lib/auth/webauthntypes/webauthn.go b/lib/auth/webauthntypes/webauthn.go index ee3ddeed2908b..d04a4d4d45037 100644 --- a/lib/auth/webauthntypes/webauthn.go +++ b/lib/auth/webauthntypes/webauthn.go @@ -24,7 +24,10 @@ import ( "github.com/go-webauthn/webauthn/protocol" "github.com/go-webauthn/webauthn/protocol/webauthncose" + "github.com/go-webauthn/webauthn/webauthn" "github.com/gravitational/trace" + + mfav1 "github.com/gravitational/teleport/api/gen/proto/go/teleport/mfa/v1" ) // CredentialAssertion is the payload sent to authenticators to initiate login. @@ -45,7 +48,7 @@ type PublicKeyCredentialRequestOptions struct { } func (a *PublicKeyCredentialRequestOptions) GetAllowedCredentialIDs() [][]byte { - var allowedCredentialIDs = make([][]byte, len(a.AllowedCredentials)) + allowedCredentialIDs := make([][]byte, len(a.AllowedCredentials)) for i, credential := range a.AllowedCredentials { allowedCredentialIDs[i] = credential.CredentialID } 
@@ -376,3 +379,50 @@ type Credential protocol.Credential type AuthenticationExtensionsClientOutputs struct { AppID bool `json:"appid,omitempty"` } + +// SessionData is a clone of [webauthn.SessionData], materialized here to keep a +// stable JSON marshal/unmarshal representation and add extensions. +// +// TODO(codingllama): Record extensions in stored session data. +type SessionData struct { + // Raw challenge used for the ceremony. + Challenge []byte `json:"challenge,omitempty"` + // Raw User ID. + UserId []byte `json:"userId,omitempty"` + // Raw Credential IDs of the credentials allowed for the ceremony. + AllowCredentials [][]byte `json:"allowCredentials,omitempty"` + // True if resident keys were required by the server / Relying Party. + ResidentKey bool `json:"residentKey,omitempty"` + // Requested user verification requirement, either "discouraged" or + // "required". + // An empty value is treated equivalently to "discouraged". + UserVerification string `json:"userVerification,omitempty"` + // ChallengeExtensions are Teleport extensions that apply to this webauthn session. + ChallengeExtensions *mfav1.ChallengeExtensions `json:"challenge_extensions,omitempty"` +} + +// SessionDataFromProtocol converts a [webauthn.SessionData] struct to an +// internal SessionData struct. +func SessionDataFromProtocol(sd *webauthn.SessionData) (*SessionData, error) { + rawChallenge, err := base64.RawURLEncoding.DecodeString(sd.Challenge) + if err != nil { + return nil, trace.Wrap(err) + } + return &SessionData{ + Challenge: rawChallenge, + UserId: sd.UserID, + AllowCredentials: sd.AllowedCredentialIDs, + UserVerification: string(sd.UserVerification), + }, nil +} + +// SessionDataFromProtocol converts an internal SessionData struct to a +// [webauthn.SessionData] struct. 
+func SessionDataToProtocol(sd *SessionData) *webauthn.SessionData { + return &webauthn.SessionData{ + Challenge: base64.RawURLEncoding.EncodeToString(sd.Challenge), + UserID: sd.UserId, + AllowedCredentialIDs: sd.AllowCredentials, + UserVerification: protocol.UserVerificationRequirement(sd.UserVerification), + } +} diff --git a/lib/services/identity.go b/lib/services/identity.go index a93bb27d35d29..e8687727f43d3 100644 --- a/lib/services/identity.go +++ b/lib/services/identity.go @@ -32,8 +32,8 @@ import ( "github.com/gravitational/teleport/api/client/proto" "github.com/gravitational/teleport/api/types" - wanpb "github.com/gravitational/teleport/api/types/webauthn" "github.com/gravitational/teleport/api/utils/keys" + wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes" "github.com/gravitational/teleport/lib/defaults" ) @@ -134,11 +134,11 @@ type Identity interface { // storage, for the purpose of later verifying an authentication or // registration challenge. // Session data is expected to expire according to backend settings. - UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wanpb.SessionData) error + UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error // GetWebauthnSessionData retrieves a previously-stored session data by ID, // if it exists and has not expired. - GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wanpb.SessionData, error) + GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error) // DeleteWebauthnSessionData deletes session data by ID, if it exists and has // not expired. 
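Review bot: The doc comment on `SessionDataToProtocol` opens with the wrong name, `SessionDataFromProtocol`, so godoc shows two descriptions under one identifier. It should read `// SessionDataToProtocol converts an internal SessionData struct to a [webauthn.SessionData] struct.` The new field's tag `json:"challenge_extensions,omitempty"` is snake_case next to camelCase siblings (`userId`, `allowCredentials`). Because the struct comment says this type exists to keep a stable stored JSON form, the key spelling is best settled before any session is written with it. Both converters dereference `sd` without a nil check, so a short doc line stating that `sd` must be non-nil would make the precondition explicit.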
@@ -148,12 +148,12 @@ type Identity interface { // storage, for the purpose of later verifying an authentication challenge. // Session data is expected to expire according to backend settings. // Used for passwordless challenges. - UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wanpb.SessionData) error + UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wantypes.SessionData) error // GetGlobalWebauthnSessionData retrieves previously-stored session data by ID, // if it exists and has not expired. // Used for passwordless challenges. - GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wanpb.SessionData, error) + GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wantypes.SessionData, error) // DeleteGlobalWebauthnSessionData deletes session data by ID, if it exists // and has not expired. diff --git a/lib/services/local/users.go b/lib/services/local/users.go index 15d7c967e967d..1c4ba7d3119b0 100644 --- a/lib/services/local/users.go +++ b/lib/services/local/users.go @@ -44,6 +44,7 @@ import ( "github.com/gravitational/teleport/api/types" wanpb "github.com/gravitational/teleport/api/types/webauthn" "github.com/gravitational/teleport/api/utils/keys" + wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes" "github.com/gravitational/teleport/lib/backend" "github.com/gravitational/teleport/lib/defaults" "github.com/gravitational/teleport/lib/services" @@ -872,7 +873,7 @@ func webauthnUserKey(id []byte) []byte { return backend.Key(webauthnPrefix, usersPrefix, key) } -func (s *IdentityService) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wanpb.SessionData) error { +func (s *IdentityService) UpsertWebauthnSessionData(ctx context.Context, user, sessionID string, sd *wantypes.SessionData) error { switch { case user == "": return trace.BadParameter("missing parameter user") 
@@ -894,7 +895,7 @@ func (s *IdentityService) UpsertWebauthnSessionData(ctx context.Context, user, s return trace.Wrap(err) } -func (s *IdentityService) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wanpb.SessionData, error) { +func (s *IdentityService) GetWebauthnSessionData(ctx context.Context, user, sessionID string) (*wantypes.SessionData, error) { switch { case user == "": return nil, trace.BadParameter("missing parameter user") @@ -906,7 +907,7 @@ func (s *IdentityService) GetWebauthnSessionData(ctx context.Context, user, sess if err != nil { return nil, trace.Wrap(err) } - sd := &wanpb.SessionData{} + sd := &wantypes.SessionData{} return sd, trace.Wrap(json.Unmarshal(item.Value, sd)) } @@ -967,7 +968,7 @@ var sdLimiter = &globalSessionDataLimiter{ scopeCount: make(map[string]int), } -func (s *IdentityService) UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wanpb.SessionData) error { +func (s *IdentityService) UpsertGlobalWebauthnSessionData(ctx context.Context, scope, id string, sd *wantypes.SessionData) error { switch { case scope == "": return trace.BadParameter("missing parameter scope") @@ -1000,7 +1001,7 @@ func (s *IdentityService) UpsertGlobalWebauthnSessionData(ctx context.Context, s return nil } -func (s *IdentityService) GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wanpb.SessionData, error) { +func (s *IdentityService) GetGlobalWebauthnSessionData(ctx context.Context, scope, id string) (*wantypes.SessionData, error) { switch { case scope == "": return nil, trace.BadParameter("missing parameter scope") @@ -1012,7 +1013,7 @@ func (s *IdentityService) GetGlobalWebauthnSessionData(ctx context.Context, scop if err != nil { return nil, trace.Wrap(err) } - sd := &wanpb.SessionData{} + sd := &wantypes.SessionData{} return sd, trace.Wrap(json.Unmarshal(item.Value, sd)) } 
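Review bot: `GetWebauthnSessionData` (-906 hunk) still ends with `return sd, trace.Wrap(json.Unmarshal(item.Value, sd))`, so a decode failure returns a non-nil, possibly half-filled `*wantypes.SessionData` together with the error. The same line closes `GetGlobalWebauthnSessionData` in the -1012 hunk. This value is what a WebAuthn response is later checked against, so returning nil on error is the safer contract: `if err := json.Unmarshal(item.Value, sd); err != nil { return nil, trace.Wrap(err) }` followed by `return sd, nil`. The file's `json` import is not visible here. If it is `encoding/json`, the new `ChallengeExtensions` field, which appears to be a generated message, is decoded by a non-protobuf codec and deserves a round-trip test once it is populated. Both functions start outside their hunks.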
diff --git a/lib/services/local/users_test.go b/lib/services/local/users_test.go index 1749e6b9ec5c0..688ff1744580d 100644 --- a/lib/services/local/users_test.go +++ b/lib/services/local/users_test.go @@ -41,8 +41,8 @@ import ( "golang.org/x/crypto/bcrypt" "github.com/gravitational/teleport/api/types" - wanpb "github.com/gravitational/teleport/api/types/webauthn" "github.com/gravitational/teleport/api/utils/keys" + wantypes "github.com/gravitational/teleport/lib/auth/webauthntypes" "github.com/gravitational/teleport/lib/backend" "github.com/gravitational/teleport/lib/backend/memory" "github.com/gravitational/teleport/lib/services" @@ -619,16 +619,16 @@ func TestIdentityService_WebauthnSessionDataCRUD(t *testing.T) { const user2 = "alpaca" // Prepare a few different objects so we can assert that both "user" and // "session" key components are used correctly. - user1Reg := &wanpb.SessionData{ + user1Reg := &wantypes.SessionData{ Challenge: []byte("challenge1-reg"), UserId: []byte("llamaid"), } - user1Login := &wanpb.SessionData{ + user1Login := &wantypes.SessionData{ Challenge: []byte("challenge1-login"), UserId: []byte("llamaid"), AllowCredentials: [][]byte{[]byte("cred1"), []byte("cred2")}, } - user2Login := &wanpb.SessionData{ + user2Login := &wantypes.SessionData{ Challenge: []byte("challenge2"), UserId: []byte("alpacaid"), } @@ -638,7 +638,7 @@ func TestIdentityService_WebauthnSessionDataCRUD(t *testing.T) { const loginSession = "login" params := []struct { user, session string - sd *wanpb.SessionData + sd *wantypes.SessionData }{ {user: user1, session: registerSession, sd: user1Reg}, {user: user1, session: loginSession, sd: user1Login}, @@ -662,7 +662,7 @@ func TestIdentityService_WebauthnSessionDataCRUD(t *testing.T) { } // Verify upsert/update. - user1Reg = &wanpb.SessionData{ + user1Reg = &wantypes.SessionData{ Challenge: []byte("challenge1reg--another"), UserId: []byte("llamaid"), } 
@@ -690,23 +690,23 @@ func TestIdentityService_GlobalWebauthnSessionDataCRUD(t *testing.T) { t.Parallel() identity := newIdentityService(t, clockwork.NewFakeClock()) - user1Login1 := &wanpb.SessionData{ + user1Login1 := &wantypes.SessionData{ Challenge: []byte("challenge1"), UserId: []byte("user1-web-id"), UserVerification: string(protocol.VerificationRequired), } - user1Login2 := &wanpb.SessionData{ + user1Login2 := &wantypes.SessionData{ Challenge: []byte("challenge2"), UserId: []byte("user1-web-id"), UserVerification: string(protocol.VerificationRequired), } - user1Registration := &wanpb.SessionData{ + user1Registration := &wantypes.SessionData{ Challenge: []byte("challenge3"), UserId: []byte("user1-web-id"), ResidentKey: true, UserVerification: string(protocol.VerificationRequired), } - user2Login := &wanpb.SessionData{ + user2Login := &wantypes.SessionData{ Challenge: []byte("challenge4"), UserId: []byte("user2-web-id"), ResidentKey: true, @@ -719,7 +719,7 @@ func TestIdentityService_GlobalWebauthnSessionDataCRUD(t *testing.T) { const scopeRegister = "register" params := []struct { scope, id string - sd *wanpb.SessionData + sd *wantypes.SessionData }{ {scope: scopeLogin, id: base64.RawURLEncoding.EncodeToString(user1Login1.Challenge), sd: user1Login1}, {scope: scopeLogin, id: base64.RawURLEncoding.EncodeToString(user1Login2.Challenge), sd: user1Login2}, @@ -789,7 +789,7 @@ func TestIdentityService_UpsertGlobalWebauthnSessionData_maxLimit(t *testing.T) const id2 = "challenge2" const id3 = "challenge3" const id4 = "challenge4" - sd := &wanpb.SessionData{ + sd := &wantypes.SessionData{ Challenge: []byte("supersecretchallenge"), // typically matches the key UserVerification: "required", }